Setup and configure ssh public key authentication on Ubuntu
The Goal
To set up and configure ssh key-based authentication on Ubuntu 14.04 to provide more secure and convenient passwordless access to other Linux servers via ssh. This guide assumes that you already have the OpenSSH client installed on the source client and the OpenSSH server installed on the destination server and that both systems are Ubuntu 14.04. However, the process steps below apply to many different versions of Linux.
The Process
If you don't have the required software installed at either end, follow the instructions below:
To install the OpenSSH client run the command below on the client:
sudo apt-get install openssh-client
To install the OpenSSH server, first update the system, then perform the package install by running the commands below:
sudo apt-get update
sudo apt-get install openssh-server
Now that you have the required software setup at either end we can proceed with the ssh keys setup.
1. Firstly, on the client server generate the ssh key pair:
ssh-keygen -t rsa
Hit Enter at every resulting prompt, which will produce two files: id_rsa.pub (public key) and id_rsa (private key). The full output will look like this:
japinator@client:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/japinator/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/japinator/.ssh/id_rsa.
Your public key has been saved in /home/japinator/.ssh/id_rsa.pub.
The key fingerprint is:
16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48 japinator@client
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| + . |
| . B . |
| o * + |
| X * S |
| + O o . . |
| . E . o |
| . . o |
| . . |
+-----------------+
The public and private keys will be created in your home directory in the hidden .ssh folder, which in my case was /home/japinator/.ssh. You can see both ssh keys in the .ssh folder below:
japinator@client:~$ ls -la .ssh/
total 20
drwx------ 2 japinator japinator 4096 Jul 19 17:22 .
drwxr-xr-x 13 japinator japinator 4096 Jul 19 17:24 ..
-rw------- 1 japinator japinator 1675 Jul 19 17:22 id_rsa
-rw-r--r-- 1 japinator japinator 402 Jul 19 17:22 id_rsa.pub
-rw-r--r-- 1 japinator japinator 666 Jun 20 2016 known_hosts
2. Login to the destination server and edit the /etc/ssh/sshd_config file in a file editor of your choice, mine is nano:
nano /etc/ssh/sshd_config
Then un-comment (remove the # at the beginning) the following parameters:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
Then save the changes by pressing Ctrl + x in nano.
3. If you don't have a .ssh folder in your home directory on the destination server then create it as well as the authorized_keys file:
cd ~
mkdir .ssh/
touch .ssh/authorized_keys
If you already have a .ssh folder in your home directory and an authorized_keys file within it then ignore this step and go to the next step below.
4. Configure appropriate permissions on the .ssh folder and the authorized_keys file:
chmod 700 .ssh
chmod 644 .ssh/authorized_keys
5. From the client copy the public key (id_rsa.pub) to the destination server by running the following command:
cat $HOME/.ssh/id_rsa.pub | ssh japinator@server "cat >> .ssh/authorized_keys"
You will be prompted for the password on the destination server, enter it and the copy should complete successfully. The above command appends the contents of the public key to the ~/.ssh/authorized_keys file on the server.
6. Everything is now set up for passwordless ssh access from the client to the server. Test it from the client by running:
ssh japinator@server
You will not be prompted for a password and the authentication is handled by the public key. The output below confirms that there was no password prompt when accessing the server:
japinator@client:~$ ssh japinator@server
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Sat Jul 22 13:46:59 BST 2017
System load: 0.0 Processes: 121
Usage of /: 14.4% of 35.07GB Users logged in: 1
Memory usage: 4% IP address for eth0: 10.10.10.11
Swap usage: 0%
Graph this data and manage this system at:
https://landscape.canonical.com/
267 packages can be updated.
162 updates are security updates.
New release '16.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Sat Jul 22 13:24:10 2017 from 10.10.10.10
japinator@server:~$
Pretty simple right? For a lazy character such as myself this authentication method is perfect as it requires much less effort and provides much more security than password based authentication.
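The cat >> command in step 5 adds a duplicate line every time it is re-run, and sshd's StrictModes check refuses keys when the home directory, .ssh or authorized_keys is writable by group or others. The script below is an added example, not part of the original guide: it installs a key only once and then checks those permissions. The function names are hypothetical, it takes the home directory as an argument so it can be tried on a scratch directory, and it uses 600 on authorized_keys, which is stricter than the 644 in step 4.

```shell
#!/bin/sh
# Added example: idempotent version of steps 3-5 plus a StrictModes-style check.
# install_pubkey, audit_ssh_dir and loose_perms are hypothetical helper names.

# True if PATH is writable by group or others (the mode bits sshd rejects).
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Adds the key to HOME_DIR/.ssh/authorized_keys unless that exact line exists.
install_pubkey() {
    pub=$1; home=$2
    key=$(head -n 1 "$pub") || return 1
    # Accept only "<type> <base64> [comment]"; this also rejects a private
    # key (id_rsa) passed by mistake instead of id_rsa.pub.
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 2 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only when the key is absent.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir HOME_DIR
# Prints every path with loose permissions; exit status is how many were found.
audit_ssh_dir() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if loose_perms "$p"; then
            echo "group/world writable: $p"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage: sh script.sh id_rsa.pub /home/japinator
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && audit_ssh_dir "$2"
fi
```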